-
### Description
#### Issue
The x509certificate2 class fails loading a pfx file which contains a ed25519 private key and it's certificate (+ chain)
The real failure seems to be [here](https:/…
-
Vulnerable Library - jose4j-0.9.3.jar
The jose.4.j library is a robust and easy to use open source implementation of JSON Web Token (JWT) and the JOSE specification suite (JWS, JWE, and JWK).
I…
-
The passwords are generated using Math.random(), which isn't a cryptographically-secure source of random numbers (at least not in most browsers). The problem here is that the passwords this library ge…
-
After a few iterations on both cryptographic primitives and language designs, biscuit is in a phase of iterative improvements.
Biscuit is used in production in several places, the rust implementati…
Geal updated
11 months ago
-
The move has been towards using deterministic ECDSA rather than random ECDSA as described in RFC6979. This is a better signature algorithm in that it does not suffer from the problems of bad random n…
-
Hello, I received a Critical Severity alert today from the `crypto-js` NPM package. I am sure you probably did as well, it stated that:
```md
crypto-js PBKDF2 1,000 times weaker than specified in 19…
-
At the moment, I made a React fronted to test the entire flow, using webautn-json.
I was wondering if there is an easier way of testing the entire flow without me needing to make a frontend? Since…
-
# 36 potential secrets found in repository
| `🔑 Private Key` | `🔒 Generic API Key` | `☁️ Cloud API Key` | `💬 Slack token` | `Misc.` |
|-|-|-|-|-|
| 3 | 9 | 1 | 0 | 23 |
**`ID: 01HX8963NQ8JCM6V66KH88…
-
Hey - brilliant gem - was initially looking at Doorkeeper but was extremely pleased to find this one as its precisely what we needed.
I do have a use case I wanted to ask a question about, though. …
-
I've been starting to think about how to add support for async crypto engines to `snow` (like crypto coprocessors, or in my case, the [Web Crypto API](https://docs.rs/web-sys/0.3.60/web_sys/struct.Sub…